• Resources

Secure, Confidential Transcription Services: How Information Security Standards Keep Your Data Safe

More and more organisations are outsourcing transcription for investigative interviews. But how do you make sure your sensitive, confidential data is captured, shared, and stored securely? Two security standards, ISO27001 and CyberEssentials, can provide reassurance. Investigative interviews come in all shapes and sizes. You might be a regulator running an inquiry into bribery and corruption, or a local authority looking at council tax, benefits or pensions fraud. Maybe you’re working in an overstretched police force, always under pressure to do “more for less”. Or perhaps you’re an HR professional, holding interviews as part of employment disputes, disciplinary hearings or appeals. Whatever the scenario, having an accurate written record of your interviews is essential, whether it’s part of the official record or just background information. People in a meeting More and more organisations are outsourcing transcription, whether that’s verbatim, intelligent verbatim, note taking, summaries or language services. But for investigative interviews, there’s a catch. Interviews like this can be sensitive, dealing with confidential or contentious issues. And new GDPR rules mean you need to take even more care when capturing, moving, and storing data. The reputational risks are considerable if something goes wrong. So how do you make sure your information is safe when you’re not in control of your external partner’s data management systems and processes? Among the quality standards dealing specifically with cyber security, two are worth looking out for. Whilst some charter marks and accreditation schemes are just about “box ticking”, ISO270001 and CyberEssentials are different. ISO27001 is an internationally recognised standard for handling data. It covers strategy, policy and procedures across all the legal, physical and technical aspects of an organisation’s information management. Appen has been accredited to ISO27001 since 2012. To qualify, an organisation must:
  • Identify IT risks
  • Assess the implications of those risks
  • Put in place systems to limit the potential damage
It’s a demanding standard, assessed by an external auditor. There must be a commitment from the top down, and it must be implemented by people with the right skills, so training is key. Once accredited, an organisation must work hard to retain ISO27001 status, demonstrating continuous improvement. It’s worth it though; the evidence shows ISO27001 reduces the number and severity of security incidents and keeps IT systems and processes controlled and well-managed. Most of all, it shows that keeping information safe is a priority. The other data management standard to look for is CyberEssentials (CE). It’s a simpler, more practical process, although still rigorous and well worthwhile for organisations that need to maintain a secure digital environment. Overseen by the National Cyber Security Centre (NCSC), part of GCHQ, CE is specified for all UK Government contracts that involve handling sensitive or personal data. Appen’s been CE accredited since 2016. The standard is a comprehensive look at all aspects of IT. Applicants must ask themselves:
  • Are our firewalls secure and fit for purpose?
  • Are our security settings the right ones?
  • Who can access what data?
  • Is our malware and virus protection adequate?
  • What arrangements are there for keeping devices/software up to date?
An external auditor examines the self-assessment and decides whether to award the CE mark. Like ISO27001, organisations must reapply regularly. Even if, like Appen, your chosen provider is accredited to ISO27001 and CE, you can still dig deeper. Why not ask what issues, if any, the external auditors found, how many incidents, if any, there’ve been, and what specific measures are in place to retain the accreditation? If information security is important to you, don’t just cross your fingers when outsourcing transcription. When you’re agreeing a contract, demand ISO27001 and CyberEssentials compliance. They’re more than logos; they’re an assurance that an organisation is committed to identifying and preventing risks. These information security standards set the bar high, and it takes constant review, challenge and action to get and keep them. Find out more at: iso.org cyberessentials.ncsc.gov.uk   Appen will be at the Counter Fraud 2019 Conference on 13 February at the QEII Centre, London. Contact us to learn more about secure, confidential transcription services.

More Like This

secure transcription

Secure Transcription: How Safe is Your Data?

By its very nature, a secure transcription often deals with sensitive matters and includes personal, highly confidential or even top-secret information. How do transcription providers ensure that the people handling your data can be trusted to keep it secure? Secure transcriptions are a key procedural tool for formal investigations, from coroners’ inquests and police interviews to regulatory inquiries and employment-related …  

secure sensitive transcription services

Secure, onsite facilities for sensitive transcription data

With highly sensitive transcription data, basic security measures are not enough Most transcription providers offer basic security measures like staff vetting and data handling processes, but some highly sensitive material requires enhanced protection. As recent news stories have shown, security can sometimes be less than optimal when it comes to transcription data. Even at large, high-profile organisations, lazy practices such …  

Microphone in a recording studio

How to get the best quality audio recordings for transcription — and what happens when ‘perfect’ isn’t possible

Sometimes, despite best efforts, the quality of an audio recording is less than perfect. In this situation, there are a few things Appen can do to help.  

Get in touch.

Please complete the below form and we will be in touch with you soon

ImageImage
Join Our Crowd
@ 2024 Appen Limited
Legal Policies
Data Subject Access Request
@ 2024 Appen Limited
Legal Policies
Data Subject Access Request
Website for deploying AI with world class training data
Language
Chinese
Japanese